On 12/12/12 17:50, Christopher Roberts wrote:
On Wednesday 12 Dec 2012, Dom Latter wrote:
103 attempts on a non-standard port?
Yes, not sure what your question is though.
Just surprised at that many attempts on a non-standard port.
Most scripts don't bother AFAIK. Waste of time - if SSH is
running on a non-standard port then chances are that
efforts have been made elsewhere - better to move on
to the next IP address.
Anyway - do
you have users that you don't trust to set a
strong-enough password?
That's not the point - better to stop the attempts in the first place
if you can, and you can by choosing a non-standard port.
If you have strong passwords, then these scripted SSH attempts
are just an irritant, not a threat. They are looking for typical
weak logins like "test" / "test".
So your resources *might* be better spent elsewhere.
I know there is an argument against "security by
obscurity", but I
think it is a false one in this situation.
It's not going to help you against a *targeted* attack - if you have
SSH running on a port they'll find it (unless you start doing port-knocking,
etc). And non-targeted attacks are not an issue.